Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@datadog/native-iast-rewriter
Advanced tools
Nodejs native AST rewriter heavily based on Speedy Web Compiler o SWC compiler used to instrument Javascript source files.
+
and +=
, template literals and some String methodsconst Rewriter = require('@datadog/native-iast-rewriter')
const rewriter = new Rewriter(rewriterConfig)
const result = rewriter.rewrite(code, filename)
RewriterConfig {
// enable/disable sourceMap chaining - false by default
chainSourceMap?: boolean
// enable/disable comments printing - false by default
comments?: boolean
// establishes the prefix for the injected local variables - 6 random characters by default
localVarPrefix?: string
// sets the list of methods or operators to be rewritten
csiMethods?: Array<CsiMethod>
// extracts hardcoded string literals - true by default
literals?: boolean
}
CsiMethod {
// name of the String method to rewrite
src: string
// optional name of the replacement method. If not specified a convention shall be used
dst?: string
// indicates if it is an operator like +
operator?: boolean
}
const Rewriter = require('@datadog/native-iast-rewriter')
const rewriterConfig = {
csiMethods: [{ src: 'substring' }],
localVarPrefix: 'test',
}
const rewriter = new Rewriter(rewriterConfig)
const code = `function sub(a) {
return a.substring(1)
}`
const result = rewriter.rewrite(code, filename)
console.log(result.content)
/*
function sub(a) {
let __datadog_test_0, __datadog_test_1;
return (__datadog_test_0 = a, __datadog_test_1 = __datadog_test_0.substring, _ddiast.stringSubstring(__datadog_test_1.call(__datadog_test_0, 1), __datadog_test_1, __datadog_test_0, 1));
}
*/
To set up the project locally, you should install cargo
and wasm-pack
:
$ curl https://sh.rustup.rs -sSf | sh
$ cargo install wasm-pack
and project dependencies:
$ npm install
Build the project with
$ npm run build
It will compile WASM binaries by default and then it will be possible to run the tests with
$ npm t
FAQs
Datadog IAST instrumentation addon for NodeJS
The npm package @datadog/native-iast-rewriter receives a total of 2,173,402 weekly downloads. As such, @datadog/native-iast-rewriter popularity was classified as popular.
We found that @datadog/native-iast-rewriter demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.